Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rs8dM-0053vM-Eo for pgsql-hackers@arkaria.postgresql.org; Wed, 03 Apr 2024 21:59:04 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1rs8dL-009UWK-9J for pgsql-hackers@arkaria.postgresql.org; Wed, 03 Apr 2024 21:59:03 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rs8dK-009UWC-Vf for pgsql-hackers@lists.postgresql.org; Wed, 03 Apr 2024 21:59:02 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rs8dI-000UaY-EF for pgsql-hackers@postgresql.org; Wed, 03 Apr 2024 21:59:02 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 433Lwt9U385939; Wed, 3 Apr 2024 17:58:55 -0400 From: Tom Lane To: Magnus Hagander cc: Andres Freund , Bruce Momjian , PostgreSQL-development Subject: Re: Security lessons from liblzma - libsystemd In-reply-to: References: <20240403175721.l4r55sw4vcsrgpww@awork3.anarazel.de> Comments: In-reply-to Magnus Hagander message dated "Wed, 03 Apr 2024 23:19:54 +0200" MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-ID: <385937.1712181535.1@sss.pgh.pa.us> Content-Transfer-Encoding: 8bit Date: Wed, 03 Apr 2024 17:58:55 -0400 Message-ID: <385938.1712181535@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Magnus Hagander writes: > On Wed, Apr 3, 2024 at 7:57 PM Andres Freund wrote: >> Openssh has now integrated [1] a patch to remove the dependency on >> libsystemd >> for triggering service manager readyness notifications, by inlining the >> necessary function. That's not hard, the protocol is pretty simple. >> I suspect we should do the same. We're not even close to being a target as >> attractive as openssh, but still, it seems unnecessary. > +1. I didn't read the patch, but if it's short and stable enough then this seems like a good idea. (If openssh and we are using such a patch, that will probably be a big enough stake in the ground to prevent somebody deciding to change the protocol ...) >> An argument could be made to instead just remove support, but I think it's >> quite valuable to have intra service dependencies that can rely on the >> server actually having started up. > If we remove support we're basically just asking most of our linux > packagers to add it back in, and they will add it back in the same way we > did it. I think we do everybody a disservice if we do that. It's useful > functionality. Yeah, that idea seems particularly silly in view of the desire expressed earlier in this thread to reduce the number of patches carried by packagers. People packaging for systemd-using distros will not consider that this functionality is optional. regards, tom lane